@wxcafe I'm having a massive deja-vu right now. Wasn't there some other exploit around the UID that was possible in the last year and a half or so?

@spacekookie @wxcafe That bug was that services with an invalid USER= setting (e.g. with a username that started with a digit) still got started, but as root (github.com/systemd/systemd/iss).

This one is a straight bug in polkit. I don't think there is anything that systemd can do, other than to stop using polkit entirely.

@spacekookie @wxcafe I'm pretty sure this bug also means that anything that demands authentication in e.g. KDE or GNOME, flatpak, fwupd,... will be open to users with a UID > INT_MAX.

Because those also use polkit.

@wxcafe mais omg comment ça se fait que personne l'a vu avant ?

@wxcafe well, at least its not a bug directly in systemd this time...

@wxcafe You could say it's a feature: special user INT_MAX, for all your system management, without superuser powers...

Last boost: in which C's automatic int coercions open a security hole.

(Also, lack of failure returns in GObject property setters...)

Sign in to participate in the conversation
Mastocafé

This is an open mastodon instance for social justice activists, LGBTQIA+ people, and people who are aware of such subjects and care about them.

See the Goals, rules, and technical details for more information